Yes, sorry, I did mean 1.0.1e. Thanks for the reply and forgive my ignorance: how do I locate the commit 9ab3ce124616? It seems the git commit ids are a bit longer... Mark.
----- Original Message ----- From: Dr. Stephen Henson <[email protected]> To: [email protected] Cc: Sent: Friday, August 16, 2013 3:15 PM Subject: Re: Fw: 1.0.0e decryption failed or bad record mac On Fri, Aug 16, 2013, Mark Pietras wrote: > Posted something similar to -users but I thought it might make more sense > here on -dev, I apologize if that's not the case: > > > Recently (within last month or so), we started randomly getting this error > in the middle of active long-duration connections (connection having been > open minutes to hours with application traffic minimally every 60s): > > error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record > mac > > It seems to occur during bursty traffic periods. The only recent change to > our application in a way that changes the utilization of OpenSSL (other than > perhaps timing differences) was to set cipher preferences to server instead > of client via: > > SSL_CTX_set_options( ssl_ctx_server, SSL_OP_CIPHER_SERVER_PREFERENCE ); > > We did some searching and see a lot of discussion regarding this "decryption > failed" error. Some search results indicate issues with utilizing AES > (which is certainly a possibility given our cipher preference change). > > Some recent (2013) search results indicate a seemingly related issue fixed > in 1.0.0e, however that's the version we're on. > > Some other results indicate this patch is > related: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=32cc247 > but the patch seems to be (just) prior to 1.0.0e, it's not clear. > > Anyone have any insight on this based on this admittedly small level of > information? Thanks... Mark. > Do you mean 1.0.1e? If so see if commit 9ab3ce124616 helps. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected] ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
